CVE-2013-7345

Priority

Low

Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
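An added example, not part of the CVE record or of file's own code: a small Python audit that flags magic regex entries using two or more unbounded repetitions, the pattern shape the description names. The sample entries are constructed, and the function names and the `threshold` parameter are assumptions of this example.

```python
import re

# Constructed entries in magic(5) layout (offset, type, test, message); the
# patterns are illustrative, not copied from file, and have no escaped spaces.
SAMPLE_MAGIC = r"""
0 regex =^\s*BEGIN\s*[{] awk-like, unbounded
0 regex =^\s{0,100}BEGIN\s{0,100}[{] awk-like, bounded
0 string #!/bin/sh shell script
>0 regex/1l [a-z]+=.{3,} assignment
"""

def unbounded_quantifiers(pattern):
    """List unbounded quantifiers (*, +, {n,}) outside escapes and classes."""
    found, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":
            i += 2  # skip the escaped character
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":
                i += 1
            if pattern[i + 1:i + 2] == "]":
                i += 1  # a ']' placed first in a class is a literal
        elif c in "*+":
            found.append(c)
        elif c == "{":
            m = re.match(r"\{\d+,\}", pattern[i:])
            if m:
                found.append(m.group(0))
                i += len(m.group(0)) - 1
        i += 1
    return found

def audit_magic(text, threshold=2):
    """Return (line, pattern, quantifiers) for regex entries at or over threshold."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 3)
        if (len(fields) < 3 or line.startswith("#")
                or fields[1].split("/")[0] != "regex"):
            continue
        pattern = fields[2].lstrip("=")
        hits = unbounded_quantifiers(pattern)
        if len(hits) >= threshold:
            findings.append((lineno, pattern, hits))
    return findings
```

Entries it reports are candidates for bounded repetition counts; the check is syntactic and does not measure actual matching cost.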

jdstrand> see regression fix in DSA-2873-2
mdeslaur> introduced in 5.05, but included in Debian specific patch in older releases.
mdeslaur> The fix for this issue was not complete, resulting in CVE-2014-3538. The proper fix in CVE-2014-3538 is intrusive.